Equifax Europe CISO: Notorious breach spurred cybersecurity transformation

When asked about the relationship CISOs should have with their CIOs, to whom many CISOs report, Checa says: “In my opinion, there should be a certain degree of independence between the CIO and the CISO, but every company is different. In our case, our global CISO sits on the global management committee; we do as well at the local level.” He acknowledges, however, that from a tactical perspective, it’s beneficial to have close ties with the company’s IT department. “But, as I said, the important thing is to analyze each company’s specific circumstances, its risk appetite, and what works best for it.”

Looking ahead, Checa states that one of his biggest challenges as Equifax’s CISO for Continental Europe is “continuing to adapt to regulatory changes and being able to anticipate and adjust to all the new threats that emerge.” He adds, “My greatest commitment to the company is to be a security leader that delivers value and business. To be a differentiator. That’s what truly motivates and concerns me.”

Not forgetting all the work Equifax is already doing — which Checa says he can’t reveal — to be prepared for the post-quantum era: “We have very strong internal initiatives in this regard,” he says.

Checa works, as he explains, “to ensure that security truly becomes a differentiator from a business perspective, and this, of course, involves protecting all the highly sensitive information we have about our clients and consumers.”

He acknowledges that the role of CISO is “very stressful, but also very rewarding, requiring you to give your best, keep learning, and always be prepared for change.” He concludes that this role must be aware that “you can never reach the final state of security with all the evolving threats, technologies, and problems that exist today.”